home

Li Mo

Publisher Information

Li Mo is a software developer located in Guilin, Guangxi in China*. The company is a primary distributor of unwanted software. Thre are 9 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
8/4/2014 2:00:00 AM

Valid to:
8/12/2015 2:00:00 PM

Subject:
CN=Li Mo, O=Li Mo, L=Guilin, S=Guangxi, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06308c3cb3c78318d687be76cbccfdd8

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.LiMo.X, PUP.LiMo.K, PUP.LiMo.U, PUP.LiMo.AA, PUP.LiMo.O, PUP.LiMo.Q, PUP.LiMo.M, PUP.LiMo.Y, PUP.LiMo.S, PUP.LiMo.CC, PUP.LiMo.G, PUP.ELEX.LiMo (M), PUP.ELEX (M)
100.00%

MicroWorld eScan
Gen:Application.Elex.1
48.00%

Bitdefender
Gen:Application.Elex.1
48.00%

G Data
Gen:Application.Elex
48.00%

AVG
Generic, LiMo
48.00%

F-Secure
Gen:Application.Elex.1
46.00%

AhnLab V3 Security
PUP/Win32.SearchHijacker, PUP/Win32.Amonetize
44.00%

Lavasoft Ad-Aware
Gen:Application.Elex.1
42.00%

Agnitum Outpost
Riskware.Agent
38.00%

IKARUS anti.virus
Gen.Application.Elex, PUA.LiMo
38.00%

1 / 68      (Adware)
adks_sweet-page.exe (2006_adks_sweet-page by One Syn)  (ae64275405f6e645727da081540ac8e3)

1 / 68      (Adware)
smt_omiga-plus.exe (2031_smt_omiga-plus by JWTab)  (bb3b31f952b908da1c91527d358895c2)

1 / 68      (Adware)
0886270976 (2010_sfpsnew2_v9 by One Syn)  (9dcbe62530522a468c75f673952f195c)

1 / 68      (Adware)
nov24_cor_sweet-page.exe (1804_cor_sweet-page by One Syn)  (ada597b907e9f8bb0250f263b67f237a)

1 / 68      (Adware)
mystartsearch.exe (1859_sky_mystartsearch by JWTab)  (3154daeee3a6f1b45ab4c7b8a27534e1)

1 / 68      (Adware)
nsbit_webssearches.exe (2070_nsbit_webssearches by JWTab)  (d222505c42b76a434978acb0edabd3c6)

1 / 68      (Adware)
sfpsnew3_mystartsearch.exe (2065_sfpsnew3_mystartsearch by JWTab)  (8b5be8a341fbcb7e00955e337f11ef71)

1 / 68      (Adware)
mystartsearch_soft_partner.exe (2003_tt4u_mystartsearch by One Syn)  (3b2c661628a075d9721de47fac8f1f6b)

1 / 68      (Adware)
by48me8tag.exe (2056_exp_webssearches by JWTab)  (8793cba0da1c13fe2a202f28d72ad2c9)

1 / 68      (Adware)
sien_mystartsearch.exe (2103_sien_mystartsearch by JWTab)  (0e246f3bcda79672045c0e85cb63ab3c)

1 / 68      (Adware)
mind_webssearches.exe (2105_mind_webssearches by JWTab)  (27cea05170976b629770f8be02991a78)

1 / 68      (Adware)
~gyectep.exe (2074_ill_webssearches by JWTab)  (f8f127af3396c2a89850ce17c0c0f484)

1 / 68      (Adware)
sfpsnew1_mystartsearch.exe (2008_sfpsnew1_mystartsearch by One Syn)  (93de1498ae55c61180764d0c273da129)

1 / 68      (Adware)
air_v9_11_21_14.exe (2029_air_v9 by One Syn)  (b8291ba3f7b0ad1c0128ad7fa8cd3bcb)

1 / 68      (Adware)
adks_omiga-plus.exe (2004_adks_omiga-plus by One Syn)  (8c354ea65c3b0f4a7e978b11f32defea)

1 / 68      (Adware)
smt_mystartsearch.exe (1998_smt_mystartsearch by JWTab)  (cb6c8e5b3a17172416d10f2b07f85710)

1 / 68      (Adware)
ill_webssearches.exe (2018_ill_webssearches by One Syn)  (1d1bc2749f99a63fab4121ac0979fbe9)

1 / 68      (Adware)
smt_omiga-plus.exe (1955_smt_omiga-plus by One Syn)  (9b0dff6d7f2be9c965c2f5425e1a9b0b)

1 / 68      (Adware)
ild_mystartsearch.exe (2040_ild_mystartsearch by JWTab)  (c59caac95cd84024eac5817e4596a1e1)

1 / 68      (Adware)
w3i_webssearches.exe (2076_w3i_webssearches by JWTab)  (572f39158d24cd8474c0b65c44834b62)

1 / 68      (Adware)
sfpsnew1_mystartsearch.exe (2063_sfpsnew1_mystartsearch by JWTab)  (449eb6ba2525756cefb7afbed5f130f4)

1 / 68      (Adware)
lly_mystartsearch.exe (2039_tugs_mystartsearch by JWTab)  (19675f42e30c0732cc7a10e7d2aa7128)

1 / 68      (Adware)
0_offer_1.exe (2099_obw_omiga-plus by One Syn)  (0bb690c5d18fb08b1ef33504eb485ef6)

1 / 68      (Adware)
cvs_webssearches.exe (1848_cvs_webssearches by JWTab)  (5497659d5aba870d1b6539e885d0df1b)

1 / 68      (Adware)
nsbes_webssearches.exe (2069_nsbes_webssearches by JWTab)  (8f45a0ffa880877c8d485a9a16ad3460)

1 / 68      (Adware)
webssearches_2411-6ecfdf60.exe (1882_slbnew_webssearches by JWTab)  (316551dcba4d4de33ac287655f85ac16)

16 / 68    (Adware)
3604446402 (2079_sfpsnew2_v9 by JWTab)  (40a30ff697056bea5af8daf56f8ee0f8)

17 / 68    (Adware)
scl_webssearches.exe (2058_scl_webssearches by JWTab)  (cec004f1cba85ba89cb2d707e103c2f1)

17 / 68    (Adware)
v9_pariente_soft_partner.exe (1990_brd_v9 by One Syn)  (d28acdac6ddd61dfd5ca9a8e13a5ddaf)

15 / 68    (Adware)
bdo_mystartsearch.exe (2028_bdo_mystartsearch by One Syn)  (e9005dfa4b90178596906096b3920266)

 
Latest 30 of 65 files

Downloads URLs for files signed by Li Mo.

1 / 68      (Adware)
http://www.girlliuxiaoqing.com/.../sfpsnew2_v9.exe  (9dcbe62530522a468c75f673952f195c)

1 / 68      (Adware)
http://www.girlliuxiaoqing.com/.../adks_omiga-plus.exe  (8c354ea65c3b0f4a7e978b11f32defea)

19 / 68    (Adware)
http://www.girlliuxiaoqing.com/.../nsbfr_webssearches.exe  (565dffe3614ed34f9cc3d5a743200c4c)

13 / 68    (Adware)
http://cdn.airdlr8.com/downloads/offers/.../air_omiga-plus_11_21_14.exe  (18ef4be7393503db19b2417de3f757a7)

17 / 68    (Adware)
http://www.girlliuxiaoqing.com/.../scl_webssearches.exe  (cec004f1cba85ba89cb2d707e103c2f1)

1 / 68      (Adware)
http://www.girlliuxiaoqing.com/.../sfpsnew1_mystartsearch.exe  (449eb6ba2525756cefb7afbed5f130f4)

1 / 68      (Adware)
http://www.girlliuxiaoqing.com/.../obw_omiga-plus.exe  (0bb690c5d18fb08b1ef33504eb485ef6)

1 / 68      (Adware)
http://www.girlliuxiaoqing.com/.../nsbes_webssearches.exe  (8f45a0ffa880877c8d485a9a16ad3460)

The following websites host and distribute files published by Li Mo.

www.girlliuxiaoqing.com

cdn.airdlr8.com

The certificates below are also signed by Li Mo.

09CE096F35659BC891BE9713130F3019  (Jul 16, 2015 to Sep 13, 2016)

043D25C59C374D87F947A9A448031E94  (Jul 16, 2015 to Sep 13, 2016)

0A661DB1DB132545D560DF1B8F8F72CE  (Jul 15, 2015 to Sep 13, 2016)

0BF14271D8A8ADE8A541CE8C8E1D75A1  (Aug 04, 2014 to Aug 12, 2015)

0381C5BAABACBA4D9D35F2C35CC5326B  (Aug 04, 2014 to Aug 12, 2015)

078E6AB78826A47B4AE05D93CF737658  (Aug 04, 2014 to Aug 12, 2015)

0F53999A8B9372F6AAC4844D7A5BE2CE  (Aug 04, 2014 to Aug 12, 2015)

0ACFC920404BD14F120697BDFEE3E5C9  (Aug 04, 2014 to Aug 12, 2015)

0226284B6EE43FB2E43A2888B7D5BA02  (Aug 03, 2014 to Aug 12, 2015)

The following publishers (by Authenticode signature organization name) are related.

Liyan Liu

Shulan Hou

Fuyuan Zhou

Ma Lin

Taiming Li

Xiaoqing Liu

Zhang Ling

Search Results, LLC

InstallX, LLC

Smart PC Solutions, Inc.

Conduit Ltd.

Beijing ELEX Technology Co.,Ltd

ClientConnect LTD

bomlabio

Web Cake

SecureInstall, LLC

Super Web LLC

Perion Network Ltd.

Buzzdock LLC

* Note, the details and description above are based on the code signing digital signature issued to Li Mo by DigiCert Inc on August 04, 2014 with the serial number '06308c3cb3c78318d687be76cbccfdd8'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.